CrowdStrike's rivals stand to benefit from its update fail debacle

The CrowdStrike debacle — a bug in the company's Windows software that had the disastrous effect of rendering PCs unusable — has disrupted flights, canceled elective medical treatments, and left many an office worker twiddling their thumbs for hours. Unsurprisingly, it's also tanked CrowdStrike's stock price, even as the company's CEO, George Kurtz, promises a fix and systems begin to crawl back online.

Rivals stand to gain.

While it's difficult to assess at present the business fallout from what's being called the worst IT outage in history, investors appear to be sensing opportunity. Stocks in CrowdStrike competitors SentinelOne and Palo Alto Networks climbed by as much as 10% this afternoon.

CrowdStrike competes with a number of vendors, including SentinelOne and Palo Alto Networks but also Microsoft, Trellix, Trend Micro and Sophos, in the endpoint security market. Endpoint security tools detect malware on laptops, mobile phones and other devices that have access to corporate networks.

As of year-end 2023, CrowdStrike had an estimated 14.74% share of global revenue from security software sales, raking in roughly $2.01 billion, according to data from Gartner. That's second only to Microsoft, which had a 40.16% share ($5.49 billion) last year; CrowdStrike's next-largest competitor is Trellix, with a 6.62% share ($906 million) as of 2023.

Eric Grenier, cybersecurity threat detection and exposure analyst at Gartner, cautioned that it's too early to say who the "winners" are in the ongoing CrowdStrike saga. But he told TechCrunch that he often sees Microsoft and SentinelOne shortlisted by the clients he speaks with, and it wouldn't surprise him if Friday's events cemented a few C-suite decisions in favor of CrowdStrike alternatives.

"I think that there will be some orgs that have zero tolerance for what happened and will look to alternative solutions," Grenier said. "Every time a competitor’s sales team is in front of a potential customer and competing against CrowdStrike, they can point to this incident as to why you should choose them over CrowdStrike. Long term, I expect CrowdStrike to suffer some loss in business."

Not everyone agrees.

Mike Jude, research director at IDC, notes that competitors face essentially the same risks as CrowdStrike in that they're forced to constantly adjust to a changing threat environment and that this rapid response can lead to critical mistakes. The CrowdStrike bug stemmed from a routine update to the company's flagship Falcon Sensor product, which conflicted with many Windows installations.

"I don’t believe we should think of this outage as a win/lose situation; I don’t think you will find many of CrowdStrike's competitors celebrating over this outage," Jude said. "I do think this outage illustrates just how dependent we have become on cybersecurity solutions."

Chirag Mehta, VP and principal analyst at Constellation Research, echoed Jude's sentiment that rivals dodged a bullet by luck. "Other vendors are fortunate that they were not affected this time," Mehta told TechCrunch. "They now have the opportunity to evaluate the depth of their integration with operating systems, the methods of air-gapping their updates and their deployment processes. Overconfidence can be dangerous."

In a memo to investors Friday morning, analysts at Goldman Sachs said that they expect to see "minimal share shifts" in the endpoint security market as a result of the CrowdStrike bug. Customers generally understand that it's a question of when — not if — these incidents will happen, the analysts wrote, and so they care more about a fix and transparent communication.

"In our view, cybersecurity products have to clear a higher bar of reliability and security in customer deployments than other technology products because they are mission critical and actively attacked by adversaries," the Goldman analysts wrote. "In some ways, we believe this [outage] will reinforce the barrier to entry in the industry and the need for best-in-class update, outage and customer service protocols, ultimately favoring companies with scale."

The analysts cite a case study: the Okta breach.

In October 2023, hackers accessed data on all of Okta's thousands of identity and access management customers. While the hack elongated the deal cycle for some organizations as they looked to ascertain whether Okta's security protocols had improved (and evaluated other products), it didn't lead to massive churn. For the most part, Okta customers stayed Okta customers.

If anything, says Raj Joshi, SVP for Moody's Ratings, the wide-ranging effect of the CrowdStrike outage illustrates the precariousness of IT infrastructure today. "This incident calls into question CrowdStrike’s software engineering practices," Joshi said, "[but] it also underscores growing vulnerabilities in global cloud infrastructure from increasing points of failure."